The ravings of a SANS/GIAC GSE (Compliance & Malware)
For more information on my role as a presenter and commentator on IT Security, Digital Forensics Statistics and Data Mining;
E-mail me: "craigswright @ acm.org".

Dr. Craig S Wright GSE


Books

I have a few books and another is on the way for 2012. Firstly, I have to plug the first in the Syngress series of books on IT audit. This is a comprehensive compliance and governance handbook with EVERYTHING (from the high level to the hands-on for the expert) to get you started in IT compliance and systems security. The main book is "IT REGULATORY AND STANDARDS COMPLIANCE HANDBOOK". This is the first in a series I have planned and more will follow in time. There will be electronic updates to this book over time to keep it current.

I will be working on co-authoring a book on CIP (Critical Infrastructure Protection) - but more on this later.

On top of this I recycle computers. To do this I take 1.5 to 2 year old corporate lease computers and refurbish them so that they can run the most current programs.

The question is - what do you do to help?

If you do not have the time, have you thought about a donation?

This blog has been monetised. This is where the money goes. By clicking and purchasing on this site, you help Burnside and Hackers for Charity. All monies earned here are split 50/50 between these two charities.


Saturday, 23 February 2008

Many people believe that the Internet is a legislative nowhere land. The truth, however, is quite different, with the majority of governments acting quickly to correct legal deficiencies and holes in recognition of the importance and value of information technology and the Internet. In many ways, law reform has moved faster around the Internet than around many other technologies. The US in particular has been quick to act, introducing various specific immunities for Internet intermediaries. Many other jurisdictions, including the EU, have implemented substantial programs aimed at curtailing any legislative flaws.

The US has introduced a detailed set of immunities as part of the Online Copyright Infringement Liability Limitation Act[1] (contained within the Digital Millennium Copyright Act) in order to ratify the provisions of the WIPO Copyright Treaty[2]. These provisions provide immunity from prosecution to Internet intermediaries involved in the mere transmission of packets[3], those who maintain automated cache systems, those who host third-party resources and those who provide search tools. There are conditions associated with these immunities. It is required that the Internet intermediary lacks knowledge of the transgression, that it does not receive a direct financial benefit from it, and that it respects and does not try to bypass copyright protection technologies.

General immunity provisions have also been introduced within the US through the Communications Decency Act (1996)[4]. This act introduced new criminal offences of knowingly creating, sending, transmitting or displaying obscene or indecent materials to minors. It also introduced a number of “Good Samaritan” provisions permitting ISPs to introduce blocking or filtering technology without being classified by the courts as a publisher or editor. This allows an ISP to filter such material without assuming any responsibility for third-party content.

The EU E-Commerce Directive[5] provides similar provisions offering protection for both packet transmitters and cache operators[6]. It is still possible, however, that an ISP could be required either to actively monitor content or, at the least, to take down prescribed content following a notification or advice as to its existence. If, having been so advised, the ISP had not removed the offending content, liability would still apply.

The US Senate has approved S.B. 2248, a measure that grants immunity from prosecution to telecommunications companies such as ISPs that cooperate with intelligence-gathering requests from the government[7]. This amendment to the Foreign Intelligence Surveillance Act (FISA)[8] would, if passed, increase government powers to eavesdrop on communications in certain cases without a warrant. Though there is an increase in selected protections for Internet intermediaries, there are still issues. If, for instance, an ISP sees an action that violates the constitutional rights of its clients and does not immediately respond, it does not receive immunity if eventually forced to respond. Further, the immunity applies only selectively to government agencies and to no other actions.

The UK at the moment is in a state of flux. The release of “Creative Britain: new talents for the new economy”[9] carries with it the potential to create additional liabilities for Internet intermediaries. It is proposed that either Internet service providers adopt a voluntary code of conduct that provides security controls and monitoring, or else it is likely that the government will impose these controls. Ideally, intermediaries will work together to formulate an industry code of practice, thus negating the need for government intervention and also reducing their exposure to both contractual breaches and tortious liability.

[1] The Online Copyright Infringement Liability Limitation Act (OCILLA) is a portion of the Digital Millennium Copyright Act known as DMCA 512 or the DMCA takedown provisions. It is a 1998 United States federal law that provided a safe harbour to online service providers (OSPs, including ISPs, internet service providers) that promptly take down content if someone alleges it infringes their copyrights. Section 512 was added to the Copyright law in Title 17 of the United States Code (Public Law No. 105-304, 112 Stat. 2860, 2877).

[2] The European Union's Electronic Commerce Directive contains similar notice and takedown provisions in its Article 14. In France, the Digital Economy Law ("Loi relative à l'économie numérique") implements this directive. In Finland, "Laki tietoyhteiskunnan palvelujen tarjoamisesta" implements the directive.

[3] The UK legislation, Statutory Instrument 2002 No. 2013, The Electronic Commerce (EC Directive) Regulations 2002, contains in the section “Mere conduit” a provision functionally equivalent to this one.

[4] Communications Decency Act (1996).

[5] Directive 2000/31/EC on Electronic Commerce, OJ L 178 p1, 17 July 2000.

[6] Statutory Instrument 2002 No. 2013, The Electronic Commerce (EC Directive) Regulations 2002, states in the section “Caching”: “Where an information society service is provided which consists of the transmission in a communication network of information provided by a recipient of the service, the service provider (if he otherwise would) shall not be liable for damages or for any other pecuniary remedy or for any criminal sanction as a result of that transmission where - (a) the information is the subject of automatic, intermediate and temporary storage where that storage is for the sole purpose of making more efficient onward transmission of the information to other recipients of the service upon their request, and (b) the service provider - (i) does not modify the information; (ii) complies with conditions on access to the information; (iii) complies with any rules regarding the updating of the information, specified in a manner widely recognised and used by industry; (iv) does not interfere with the lawful use of technology, widely recognised and used by industry, to obtain data on the use of the information; and (v) acts expeditiously to remove or to disable access to the information he has stored upon obtaining actual knowledge of the fact that the information at the initial source of the transmission has been removed from the network, or access to it has been disabled, or that a court or an administrative authority has ordered such removal or disablement.”

[7] See http://www.washingtonpost.com/wp-dyn/content/article/2008/02/12/AR2008021201202_pf.html

[8] The Foreign Intelligence Surveillance Act (FISA) of 1978 is a U.S. federal law prescribing procedures for the physical and electronic surveillance and collection of "foreign intelligence information" between or among "foreign powers" on territory under United States control. FISA is codified in 50 U.S.C. §§1801–1811, 1821–29, 1841–46, and 1861–62. The subchapters of FISA provide for Electronic Surveillance, Physical Searches, Pen Registers and Trap & Trace Devices for Foreign Intelligence Purposes, and Access to certain Business Records for Foreign Intelligence Purposes.

[9] Department for Culture, Media and Sport, 22 Feb 2008.